
how the sso login page by default. how to show alert for unauthorized users that says go to SSO

Raj12341
Tera Contributor

Hello Developer,

Client requirement:

how the sso login page by default. how to show alert for unauthorized users that says go to SSO

 

Raj12341_0-1708022985145.png

The client wants the SSO page login_locate_sso.do to be the default page for users who do not have the admin role.

Suppose a user does not have the admin role and tries to log in: for that user, login_locate_sso.do should be the default page and an alert should be shown. The alert text should be "Please login via SSO".

 

And if a user has the admin role, that user can log in via user ID and password.

Basically, for users who do not have the admin role, SSO should be the default page.

Like this.

Raj12341_0-1708023449650.png

 

How can we implement this?

Thanks 

 


Dr Atul G- LNG
Tera Patron

Hi @Raj12341 

I don't think we can redirect based on role, as roles are inside SN and SSO is before SN.

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0720812

 

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Not useful.

 

I think there is no way to achieve this, mate. Log a Now Support case.


Robbie
Kilo Patron

@Raj12341,

 

Setting the SSO login page as default is absolutely possible, and should have been set up by default when SSO was configured. 

Who do you use as your SSO provider? Okta for example? Sailpoint?

 

You will need to check the configurations per your setup, but you should see something like the screenshot below, where you set the homepage, redirects, etc.

The image that you've provided looks as though the SSO page has not been set up correctly or appropriately.

The only way you should see the login.do page and path (as per your screenshot) is if someone specifically navigates to this page.

Have you advised users to go to https://yourinstance.service-now.com/login.do ?

The URL, homepage and any links to ServiceNow should always be set to https://yourinstance.service-now.com which will then redirect to your SSO page (if not already logged in).

As a courtesy FYI - it is common to disable this page, as typically and theoretically no one should be able to log in via the login.do page once SSO is enabled. (Although I understand why this is still available: only admins, for example, would be able to set a password to log in; general users would not be able to set a p/w and would therefore not be able to log in via this route despite being able to navigate to this page.)

 

However, for clarity, and as I think others have advised: we cannot identify a user until they've logged in, so it would not be possible to set a default login page based on role before they've logged in. How do we know who someone is? Hence, the SSO page is the default.

 

Here's an SN article re Multi SSO providers, setting one up, etc.

https://docs.servicenow.com/bundle/washingtondc-platform-security/page/integrate/single-sign-on/conc...

 

Below is a screenshot taken from an 'Identity Provider', where you would set up your login default pages etc.

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

 

Thanks, Robbie

 

Screenshot 2024-02-16 at 12.25.02.png